BugTraq
Cracking preshared keys Apr 23 2003 10:35AM
Michael Thumann (mthumann ernw de) (2 replies)
Re: Cracking preshared keys Apr 24 2003 12:08AM
daw mozart cs berkeley edu (David Wagner) (3 replies)
Re: Cracking preshared keys Apr 26 2003 05:26PM
Stefan Laudat (stefan worldbank ro)
Re: Cracking preshared keys Apr 25 2003 04:34AM
Curt Sampson (cjs cynic net)
Re: Cracking preshared keys Apr 24 2003 07:31PM
Michael Thumann (mlthumann ids-guide de)
Re: Cracking preshared keys Apr 23 2003 07:46PM
Damir Rajnovic (gaus cisco com) (2 replies)
Re: Cracking preshared keys Apr 24 2003 03:30AM
Derek (derekm rogers com)
Re: Cracking preshared keys Apr 24 2003 01:10AM
Gary Flynn (flynngn jmu edu) (1 replies)
Re: Cracking preshared keys Apr 24 2003 07:46PM
Michael Thumann (mthumann ernw de) (1 replies)
Re: Cracking preshared keys Apr 24 2003 07:41PM
Gary Flynn (flynngn jmu edu)


Michael Thumann wrote:
> To get the XAUTH based authentication information (that is the part
> where the RADIUS Server is involved) you must start a man in the middle
> attack and this MITM attack is only possible when you've already cracked
> the preconfigured preshared key and when you are in physical position to
> perform a MITM attack (that's really not too easy).
>
> Hope that helps ;-

I'm not sure that XAUTH is the same as the "IKE Shared Secret AAA".
I got the impression from the Cisco docs that with the latter,
either the Radius password or something derived from it was used to
create the shared key for the initial Diffie-Hellman exchange.

I've documented my (probably faulty) understanding of the
process here:

http://www.jmu.edu/computing/security/vpnauth.shtml

Thanks for any clarity you can lend.

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe

Copyright 2010, SecurityFocus